The Website and Blog of HR Author and Speaker Lori Kleiman

Technology and the Law

privacy2

Compliance issues relating to technology cannot be ignored. Once we allow employees to be more self-sufficient and access our systems, we must be cautious that our data is not compromised and security is not breached. The world of technology compliance is evolving in all aspects of business. As technology impacts human resources, critical compliance issues surround the ownership and privacy of data. Working with your IT leader is critical as you evaluate the interaction between employees and systems.

Common intersections of HR and IT are being explored by HR departments on a regular basis. Ensure that you have a close relationship with your IT counterpart and they are willing, interested, and available to help evaluate new policies as technology continues to evolve. The most common issues we are facing today include:

  • Internet access – Employees are regularly given access to the Internet. The company should monitor this access and have a written policy that covers sharing of data and downloading programs onto company systems. Most importantly is blocking access to sites that are not appropriate. We all know about the sexually explicit sites, but do your employees have access to Monster, Career Builder or other job search sites during the work day? If so, these are the first few sites I would block!
  • Viewing employee communication – Employees still seem to have a notion that when they use our systems for private communication there is an expectation of privacy. Recent policy indicates that employees should be notified whether their email and Internet use will be tracked and/or viewed by the company. Include this policy in the employee handbook or a separate information technology policy. Be sure that your IT teams understand what information you will need access to in the event of a complaint. Backups are common, but those files can be difficult to access if you are looking for limited data from one employee.
  • Bring Your Own Device (BYOD) – This policy will establish the relationship between your employee’s smart phone, tablet (or latest device!) and your organization. Employees commonly use their own devices to connect to organizational resources. The complexity of this has arisen as a hot topic in 2015. It continues to be an area that most groups have ignored. Organizations are analyzing the cost of providing smart phones to employees with the loss of control of data security. Most major organizations are creating, defining, and implementing BYOD policies to address common issues with technology security.
  • Security Passwords protect unauthorized use of programs and data, but employees typically find passwords cumbersome. Their solution is often to have a list of passwords pinned to the cubicle wall, or post it notes displayed all over the monitor. Your organization must have policies about security. What is the appropriate method of password storage, and how are those shared in your organization? How will you gain access to resources if an employee terminates without providing passwords for key programs? This should be discussed and communicated to employees.
  • Social media – The concept of protected concerted activity requires you to allow an employee to voice their opinion about working conditions to a group of other employees. At the same time there is awareness that employee conversations have never been so accessible to the entire world. To help employers navigate the protection in a world of global communication, the National Labor Relations Board provided guidance in 2012 regarding employee policies on social media. All organizations should be familiar with this recommendation and adopt a similar policy. While it is difficult to regulate employee communication, you can set expectations about the privacy of your processes, clients and other employees.

So remember…….

Aligning your human resources operation with a skilled technology administrator is an important connection for your organization. Consider the compliance issues of retaining applicant data, storage of emails for use in employment law cases, and monitoring employee communication for investigation of workplace issues. It may not occur to HR to have these conversations with IT to ensure that the information is being stored as you anticipate. You should have a regular updates between HR and IT to make certain that data retention policies are in line with the actual practices of their function. Where you have a dedicated technology team for your operation, it is essential that they work closely with HR in these situations. If you do not have a dedicated IT team, spend time with the IT vendor to ensure your data is secure and retained.

The preceding blog post is excerpted from Lori Kleiman’s upcoming book, Taking Your SEAT at the Table, soon to be released. For more information, or to pre-order your copy click here!

Photo used under the following license.